Mifare Tags

Mifare RFID Tags: Classic, Plus S or Plus X?

Solving the problems of security for RFID tags.

Mifare RFID tags are probably the most widely used tags for applications that need some form of security component. However, in the last few years, the original version of Mifare has been shown to have limitations that allowed its security to be compromised.

NXP, the developers, have responded with two new versions of Mifare tags: the Mifare Plus S and the Mifare Plus X. This guide provides a short introduction.

NXP have also advised that their current 4-byte unique identifiers will run out this year: see our FAQ on Mifare Coding.

Comparing the Mifare Tag Families

Mifare tags were the basis of the original “contactless smart card” and have been widely used for payment card and ticketing applications. NXP Semiconductors, the patent holders for the Mifare chip, estimate that over 1 billion chips and over 10 million readers have been sold worldwide since the Mifare family was first introduced in 1992.

The Mifare tag has been used in such applications as 2006 Football World Cup tickets, the Moscow metro, London’s Oyster Card, and at Imperial College London and other institutions for student and staff identity and access cards.

The Mifare tag’s security algorithm is used to authenticate the tag to a reader and to protect the confidentiality of the data stored on the card. When the Mifare Classic was first introduced in 1994, a proprietary algorithm (Crypto-1) was developed to provide a robust level of security and acceptable performance. Since that time, however, chip storage and performance have improved, making the use of standardized algorithms practical. The abilities of the criminal community have also improved, and the computing power available for security attacks has increased greatly.

In 2007 the first weaknesses were made public, and in 2008 a research group demonstrated that it was possible to clone and manipulate the contents of a Mifare Classic card.

To address these issues NXP developed a new range of Mifare chips: the Mifare Plus.

These chips offer new users a secure system. For users of existing Mifare Classic-based tags, they offer the important facility of combining compatibility with existing systems with the potential for a subsequent upgrade to a more secure platform.

Of course, simply implementing the Mifare Plus card on an existing Mifare Classic-based application does not bring any security benefit. However, the Mifare Plus solution allows the security level on a tag to be stepped up once the tag is in use. So new Mifare Plus tags can be issued (with compatibility with an existing solution) and upgraded at a future point, when the rest of the solution is upgraded.

New users of Mifare can, of course, get the benefits of the improved security provided by Mifare Plus straight away. The standard version (Mifare Plus S) provides access to AES (Advanced Encryption Standard) with its 128-bit encryption key, but the greatest improvement is offered by implementing Mifare Plus X. A range of additional facilities becomes possible because of the extended (“eXpert”) command set, but the most important feature of the Mifare Plus X tag is its ability to provide a mixed-mode security solution combining the performance capabilities of Crypto-1 and the robust security facilities of the AES standard. Plus X cards also support proximity checking, a technique designed to prevent cloning attacks that relay data to gain unauthorized access.

Our fact sheet, available in downloads, has a table comparing the features of each member of the Mifare family.